1. Field of Invention
The present invention relates to systems and methods of proximity recognition systems (PRS's), wherein a visitor's presence and location within a venue are monitored and received by one or more sensor devices located at known locations.
2. Description of Related Art
This invention uses a similar method and procedure for proximity detection and recognition of WLAN and related enabled mobile devices as described in pending U.S. application Ser. No. 14/104,417 (Title: “Method and System for Wireless local area network Proximity Recognition”), which, in its entirety, is incorporated herein by reference.
A growing percentage of people carry an 802.11 enabled device (i.e. smart phone or tablet) while visiting venues (i.e. malls, retail stores). If turned on, these will usually be periodically broadcasting data packets (i.e. probing for available access points or communicating with a public access point they are currently connected to).
Every 802.11 enabled device has a media access control (MAC) address which is sent as part of each packet it broadcasts. In normal operation, this MAC address uniquely differentiates it from all other 802.11 enabled devices. The address consists of six bytes. The first three bytes identify the device supplier (e.g. Apple or Samsung) and the final three bytes uniquely identify the device within the supplier group.
802.11 wireless local area networks use high frequency radio technology. An 802.11 enabled computer or sensor device is generally designed with a wireless network interface controller (WNIC) which is its interface to its radio transceiver. It has become standard for this WNIC to have the capability of being put in monitor (RFMON) mode. In this mode, all packets (or “Protocol data units” or PDUs under 802.11 protocol) seen by the wireless radio transceiver the WNIC interfaces to, can be obtained and analyzed by an application program. Each packet or PDU has the MAC address of the source device that generated and broadcast it. Upon reception, the PDU is augmented with the time of reception and the signal strength it was recorded to have been received with. The latest versions of Mac OS X, Microsoft Windows and Linux support this functionality. Also Linux variants such as OpenWrt and DD-WRT that are targeted to run on a wide variety of routers support this functionality. Examples of operating environments mentioned herein are non-limiting of the principles of the present invention which can be implemented otherwise.
These augmented packets (with their source MAC addresses, received signal strengths and reception time) are available to applications running on these receiving devices. A single receiving device can thus detect presence (based on source MAC address) and determine proximity (based on signal strength). The readings from a group of two or more such devices at known fixed positions in a venue can be used to detect the changes in locations (paths traversed) within the venue, of the people carrying the transmitting devices as they move within the venue (by recording relative signal strengths for given source MAC addresses). By combining this data over time, statistics such as frequencies of visits to a venue, traffic patterns within a venue and the number of common visitors between venues can be obtained.
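The following sketch illustrates the processing described above: it splits a MAC address into its supplier and device parts and derives a path from the relative signal strengths reported by several receiving devices. It is an added example, not code from the application; the reading format, the device names, the MAC addresses and the rule "the device that heard the packet loudest is the nearest" are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample readings:
# (receiving device, source MAC, signal strength in dBm, reception time in s)
READINGS = [
    ("prd-entrance", "02:00:00:aa:bb:01", -48, 0),
    ("prd-aisle",    "02:00:00:aa:bb:01", -75, 0),
    ("prd-entrance", "02:00:00:aa:bb:01", -70, 10),
    ("prd-aisle",    "02:00:00:aa:bb:01", -52, 10),
    ("prd-aisle",    "02:00:00:aa:bb:01", -50, 20),
    ("prd-checkout", "02:00:00:aa:bb:01", -80, 20),
    ("prd-checkout", "02:00:00:aa:bb:01", -45, 30),
    ("prd-entrance", "02:00:00:cc:dd:02", -60, 10),
]

def split_mac(mac):
    """Return (supplier part, device part): the first and last three bytes."""
    octets = mac.lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a six-byte MAC address: {mac!r}")
    bytes.fromhex("".join(octets))  # raises ValueError on non-hex digits
    return ":".join(octets[:3]), ":".join(octets[3:])

def paths(readings):
    """Per source MAC, the time-ordered sequence of nearest receiving devices."""
    strongest = defaultdict(dict)  # mac -> time -> (signal strength, device)
    for device, mac, rssi, t in readings:
        split_mac(mac)  # reject malformed addresses
        best = strongest[mac].get(t)
        if best is None or rssi > best[0]:
            strongest[mac][t] = (rssi, device)
    result = {}
    for mac, by_time in strongest.items():
        path = []
        for t in sorted(by_time):
            device = by_time[t][1]
            if not path or path[-1] != device:  # record changes of location only
                path.append(device)
        result[mac] = path
    return result
```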
A Proximity Recognition System (PRS) includes one or more Proximity Recognition Devices (PRDs) with a Central Station or Central Controller (CC). The Central Controller receives and analyzes the readings from the PRDs and is used by the operator of the PRDs/PRS to generate reports. The physical locations of each PRD may be known (or knowable) by the Central Controller.
The original standard Unix user authentication mechanism had a user enter a password (i.e. a string of characters that they would be able to remember and re-enter whenever they desired to log in to the system). The system would hash this password (run it through a function that generated a fixed length “fingerprint” that could not be used to obtain the original password—that is, a one-way function that could not be reversed). Only this hashed fingerprint (not the original password) was ever stored (e.g. in the /etc/passwd or /etc/shadow files in the Unix environment). When the user re-entered their password on a subsequent log in (authentication procedure) the same function would be applied to it and the result compared to the stored hashed fingerprint. A match raised the inference that they had re-entered the original password and the authentication was considered to be successful.
This basic password authentication mechanism has been attacked by running a group of likely password candidates (i.e. common names) through the hash function used and comparing against the actual hashed values for the passwords (e.g. in the /etc/passwd or /etc/shadow files in the Unix environment). For any matches found, the attacker will have determined the original password. This is often referred to as a “look-up table” attack (where the look-up table contains the likely password candidates each with the value they hash to).
A technique in common usage to protect against a “look-up table” attack is to “salt” the passwords. When a new or changed password is entered by the user, a random string is generated (its “salt”) and combined with the password. This combined string is then hashed. This hashed value and its salt are stored together in the password table (e.g. in the /etc/passwd or /etc/shadow files in the Unix environment).
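The effect of salting on a “look-up table” can be seen in the following sketch, which stores the same weak password with and without a salt and checks both against a precomputed table. It is an added example, not code from the application; SHA-256 stands in for the system's hash function, and the candidate list, the 16-byte salt length and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed list of likely password candidates (common names).
CANDIDATES = ["michael", "jennifer", "thomas", "jessica"]

def fingerprint(data: bytes) -> str:
    # SHA-256 stands in for the system's one-way hash function (assumption).
    return hashlib.sha256(data).hexdigest()

def build_lookup_table(candidates):
    """Map each candidate's hash back to the candidate."""
    return {fingerprint(c.encode()): c for c in candidates}

def store_unsalted(password: str) -> str:
    return fingerprint(password.encode())

def store_salted(password: str):
    """Generate a random salt, hash salt+password, and keep both together."""
    salt = secrets.token_bytes(16)
    return salt, fingerprint(salt + password.encode())

def verify_salted(password: str, salt: bytes, stored: str) -> bool:
    """Re-apply the same function with the stored salt and compare."""
    return hmac.compare_digest(fingerprint(salt + password.encode()), stored)

def matches(table, stored_hashes):
    """Count stored hashes that appear in the precomputed table."""
    return sum(1 for digest in stored_hashes if digest in table)

def demo():
    table = build_lookup_table(CANDIDATES)
    # Two constructed users who happened to choose the same weak password.
    unsalted = [store_unsalted("michael"), store_unsalted("michael")]
    salted = [store_salted("michael"), store_salted("michael")]
    return {
        "unsalted_hits": matches(table, unsalted),
        "salted_hits": matches(table, [digest for _, digest in salted]),
        "salted_entries_differ": salted[0][1] != salted[1][1],
        "login_ok": verify_salted("michael", *salted[0]),
        "wrong_password_ok": verify_salted("jennifer", *salted[0]),
    }
```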
This “salting” technique is now commonly used for passwords to access certain functionality in websites. Website visitors are asked to create such passwords, but they will often use weak passwords and use the same password for more than one, if not all, of their sites. Websites may have thousands to millions of users. The salting protects against a site's password database being breached and the “look-up table” attack then being used to obtain a large number of passwords that could be used to attack other sites.
Web sites and companies deploying internal networks of computers (i.e. those running Microsoft Windows or Linux) can also set up and enforce password policies where they force levels of complexity (i.e. minimum length and minimum number of lower, upper, numeric and/or punctuation characters) and age limits (i.e. number of days) on all the passwords.